Users, Roles etc... Question to Scott G.
This message was discovered on ASPFriends.com 'aspngbeta' list.

atj@kylas.com (Anil John)
Scott,

In your message given below, you had spoken of building a simple sample to
demonstrate the concepts that you were speaking about... Did you ever get a
chance to do this?

I am definitely one of those who gain a better understanding after looking over
code samples... So any help along these lines would be appreciated.

Anil

---------------
One way to store roles without having to rehit the database on each request
would be to utilize a client-side cookie to persist the roles. You could
then use the Application_AuthenticateRequest event to take this cookie and
instantiate an appropriate GenericPrincipal object with the role
information. If you wanted to be fancy, you could even use a sliding
window timeout on this role information -- causing you to automatically
invalidate and then repopulate the cookie with the database stored role
mappings after a specified period of time.

The thing you need to be careful of, naturally, is to ensure that clients can't
maliciously manipulate the client-side cookie contents between round-trips.
You can do this in one of two ways:

1) Using the System.Security.Cryptography APIs to manually encrypt/decrypt
the cookie content

2) Utilize the built in "UserData" property exposed on the
CookieAuthenticationTicket class (which is in turn exposed off of the
CookieIdentity class which User.Identity is an instance of when forms based
authentication is enabled). The "UserData" property allows you to get/set a
string (in whatever format you want). The forms based authentication system
will then automatically encrypt/decrypt its value for you.

Note that the IBuySpy News application will demonstrate how to do the above
when we finish building it and post it onto www.IBuySpy.com. Give me a
shout if you have problems implementing the above solution in the meantime,
however, and I'll see if I can build a simple sample to demonstrate.

Hope this helps,

- Scott

-----------------------------------------------------------
My ASP.NET Sample Site: http://www.eraserver.net/scottgu

--
_______________________________________________________________
Anil John
    
Chuck (VIP)
Scott,
I'd be interested in seeing anything that allows you to set the cookie
expiration or put something in the userdata area. I've put up half a dozen
posts on this and similar topics regarding cookie authentication and have
never gotten an answer (even on asngescalate).

At 06:02 PM 4/30/2001 -0700, you wrote:
[Original message clipped]
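
The approach described in the quoted message (roles carried in the ticket's UserData, then turned into a GenericPrincipal in Application_AuthenticateRequest), as an added example that is not part of the thread and is not Scott's or the IBuySpy code. It assumes the released .NET Framework class names FormsAuthenticationTicket and FormsIdentity in place of the beta-era CookieAuthenticationTicket and CookieIdentity named above; the RoleTicket class, the 20-minute lifetime and the "|" separator are hypothetical choices.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper: call Issue() only after the credentials have been verified
// and the user's roles have been read from the database once.
public static class RoleTicket
{
    public static void Issue(HttpResponse response, string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                              // ticket version
            userName,
            DateTime.Now,                   // issue time
            DateTime.Now.AddMinutes(20),    // ticket expiration (assumed value), checked server-side
            false,                          // session cookie, not persistent
            string.Join("|", roles));       // UserData: assumes role names never contain '|'

        // Encrypt() encrypts and MACs the ticket according to the <forms protection="...">
        // setting; tamper resistance depends on it being left at "All" (the default).
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // keep the ticket away from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // honour requireSSL from web.config
        response.Cookies.Add(cookie);
    }
}

// Global.asax code-behind
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // The forms authentication module has already decrypted and validated the
        // cookie; a tampered or expired ticket never produces a FormsIdentity.
        FormsIdentity identity = Context.User == null
            ? null
            : Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

        // Replace the default principal so User.IsInRole() works without a database hit.
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles baked into the ticket stay in effect until the ticket expires, so a short lifetime bounds how long a revoked role remains usable.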

 Copyright © Matthew Baxter-Reynolds 2001-2008. '.NET 247 Software Development Services' is a trading style of MBR IT Solutions Ltd.